Healthcare Technology Featured Article

Concerns Remain Whether Healthcare.Gov Site Is Secure

It now appears the U.S. Department of Health and Human Services (HHS) cannot find malicious software in computer networks used by the Affordable Care Act (Obamacare).

There were concerns voiced recently that the Healthcare.gov network could have included risky malware. These stem from allegations that the network was developed by software specialists from Belarus, part of the former Soviet Union, whose government is seen as being anti-American, according to the Free Beacon. But now the HHS is saying it appears none of the software was developed in Belarus, according to later news reports. One contractor on the project, CGI Federal, claims that all of the code was developed in the United States.

Meanwhile, U.S. Rep. Michele Bachmann (R., Minn.), the former presidential candidate, wanted the HHS to shut down the network until it could be proven personal data is not at risk through possible cyber-attacks. Bachmann has warned “private data posted by millions of Americans” could be “compromised” – and wants additional confirmation that programmers from Belarus were not involved.

Last year, an Internet data hijacking involving Belarus state-controlled networks rerouted massive amounts of U.S. Internet traffic to Belarus, Bachmann said in Congressional proceedings, citing news reports. Data from the Obamacare website could be rerouted to foreign locations, as well, and backdoors may let hackers or spies get into the site or related networks, she speculated. The healthcare site is connected to the Internal Revenue Service and the Department of Homeland Security websites.

The HHS investigated Healthcare.gov after warnings were issued by the U.S. Director of National Intelligence's Open Source Center. The intelligence report cautioned that programmers from Belarus could have built software which was “used to move patient information on Healthcare.gov and therefore may have access to data flowing through it,” according to Computer World.

Caitlin Hayden, a spokeswoman for the White House National Security Council, said in a recent statement that the intelligence report was recalled, but "HHS conducted a review to determine whether, in fact, any of the software associated with the Affordable Care Act was written by Belarussian software developers. So far HHS has found no indications that any software was developed in Belarus. However, as a matter of due diligence, they will continue to review the supply chain. Supply chain risk is real and it is one of our top concerns in the area of cybersecurity.”

Reuters reported the intelligence report was withdrawn because it was not up to the requirements of internal review standards, news reports said. Some critics of the website and the Obamacare rollout remain skeptical of the reasons for the withdrawal.

In 2013, a tech park official in Minsk claimed HHS was a customer. He was identified as Valery Tsepkalo, director of the High-Technology Park (HTP). Tsepkalo told Voice of Russia radio, “We are helping Obama” and “Our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies—they will see the full profile of the given patient.”

Tsepkalo is a former ambassador to the United States from Belarus.

Beyond Bachman’s concerns, U.S. Rep. Mike Rogers, (R.-Mich.), chairman of the House Intelligence Committee, wants to see an independent review of Healthcare.gov for security risks, too. Rogers wanted the Obamacare network shut down until security testing is completed, as well.

The Healthcare.gov website had so many issues, that interested Americans could not sign up as planned on Oct. 1. President Barack Obama claims the glitches were fixed. Data from millions of Americans was entered onto the Healthcare.gov website after they signed up for healthcare exchanges.